Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition
We investigate the evolutionary change of passwords over time. For this purpose, we conducted one-on-one interviews and analyzed the complexity and the diversity of users' passwords using different analysis tools. By comparing their first-ever created passwords to several of their currently used passwords (e.g. most secure, policy-based), we were able to trace password reuse, password changes and influencing factors on the evolutionary process.
Emanuel von Zezschwitz
Unfortunately, I no longer work at the LMU Munich, but you can still contact me via mail: emanuel.von.zezschwitz ät ifi.lmu.de
emanuel.von.zezschwitz ät ifi.lmu.de | |
Phone | +49-89/2180-4659 |
Fax | +49-89/2180-4652 |
Address | Emanuel von Zezschwitz Universität München, LFE Medieninformatik Amalienstr. 17 80333 München Germany |
Room | A206 (2nd floor) |
- Research Interest
- Selected Projects
- Scientific Services
- Publications
- Teaching
- Erasmus
- Bachelor, Project and Diploma Theses
Research Interest
Keywords: Human-Computer-Interaction, Usable Privacy and Security, Authentication, Visual Privacy.My research is based on an empirical user-centered approach involving both basic research goals and applied research projects. The basic research aims at gathering an in-depth understanding of the current state of established security mechanisms. The applied research focuses on the design and evaluation of usable security mechanisms which solve existing problems.
Selected Projects
Basic Reasearch
Easy to Draw, but Hard to Trace? On the Observability of Grid-based (Un)lock Patterns
We performed a systematic evaluation of the shoulder surfing susceptibility of the Android pattern (un)lock. The results of an online study (n = 298) enabled us to quantify the influence of pattern length, line visibility, and complexity. The results show that all parameters have a highly significant influence, with line visibility and pattern length being most important.
We performed a systematic evaluation of the shoulder surfing susceptibility of the Android pattern (un)lock. The results of an online study (n = 298) enabled us to quantify the influence of pattern length, line visibility, and complexity. The results show that all parameters have a highly significant influence, with line visibility and pattern length being most important.
Patterns in the Wild: A Field Study of the Usability of Pattern and PIN-based Authentication on Smartphones
We compared the performance of Android-like unlock gestures in comparison with standard PIN, both on smartphones, under realistic conditions. The results indicate that PIN outperforms the pattern lock when comparing input speed and error rates. However, the qualitative results suggest that users tend to accept this and are still in favour of the pattern lock to a certain extent. For instance, it was rated better in terms of ease-of-use, feedback and likeability.
We compared the performance of Android-like unlock gestures in comparison with standard PIN, both on smartphones, under realistic conditions. The results indicate that PIN outperforms the pattern lock when comparing input speed and error rates. However, the qualitative results suggest that users tend to accept this and are still in favour of the pattern lock to a certain extent. For instance, it was rated better in terms of ease-of-use, feedback and likeability.
Applied Reasearch
Making Graphic-Based Authentication Secure against Smudge Attacks
By using touchscreens, oily residues of the users' fingers, smudge, remain on the device's display. As this smudge can be used to deduce formerly entered data, authentication tokens are jeopardized. Based on a thorough development process using low fidelity and high fidelity prototyping, we designed several graphic-based authentication methods in a way to leave smudge traces, which are not easy to interpret.
By using touchscreens, oily residues of the users' fingers, smudge, remain on the device's display. As this smudge can be used to deduce formerly entered data, authentication tokens are jeopardized. Based on a thorough development process using low fidelity and high fidelity prototyping, we designed several graphic-based authentication methods in a way to leave smudge traces, which are not easy to interpret.
SwiPIN - Fast and Secure PIN-Entry on Smartphones
We present SwiPIN, a novel authentication system that allows input of traditional PINs using simple touch gestures like up or down and makes it secure against human observers. We present two user studies which evaluated different designs of SwiPIN and compared it against traditional PIN. SwiPIN is easy to use, significantly more secure against shoulder surfing attacks and switching between PIN and SwiPIN feels natural.
We present SwiPIN, a novel authentication system that allows input of traditional PINs using simple touch gestures like up or down and makes it secure against human observers. We present two user studies which evaluated different designs of SwiPIN and compared it against traditional PIN. SwiPIN is easy to use, significantly more secure against shoulder surfing attacks and switching between PIN and SwiPIN feels natural.
You Can't Watch This! Privacy-Respectful Photo Browsing on Smartphones
We present an approach to protect photos on smartphones from unwanted observations by distorting them in a way that makes it hard or impossible to recognize their content for an onlooker who does not know the photographs. On the other hand, due to the chosen way of distortion, the device owners who know the original images have no problems recognizing photos.
We present an approach to protect photos on smartphones from unwanted observations by distorting them in a way that makes it hard or impossible to recognize their content for an onlooker who does not know the photographs. On the other hand, due to the chosen way of distortion, the device owners who know the original images have no problems recognizing photos.
Scientific Services
Organizing Committees Member
- Workshop on Inconspicuous Interaction at CHI 2014
Program Committee Member
- USEC'17 - Usable Security Mini Conference
- EuroS&P'17 - IEEE European Symposium on Security and Privacy
- CHI'17 - ACM Conference on Human Factors in Computing Systems
- SOUPS'16 - Symposium On Usable Privacy and Security
- MUM'16 - International Conference on Mobile and Ubiquitous Multimedia
- MUC'15 - Mensch und Computer
Reviewing Activities (selection)
- 2016
- CCS - ACM Conference on Computer and Communications Security
- CHI - ACM Conference on Human Factors in Computing Systems (PC Member)
- IEEE Security & Privacy (IEEE Journal)
- IUI - International Conference on Intelligent User Interfaces
- MobileHCI - International Conference on Human-Computer Interaction with Mobile Devices and Services
- MUM - International Conference on Mobile and Ubiquitous Multimedia (PC Member)
- SOUPS - Symposium On Usable Privacy and Security (PC Member)
- UbiComp - International Joint Conference on Pervasive and Ubiquitous Computing
- UIST - ACM Symposium on User Interface Software and Technology
- 2015
- BritishHCI - British Human Computer Interaction Conference
- CHI - ACM Conference on Human Factors in Computing Systems
- MobileHCI - International Conference on Human-Computer Interaction with Mobile Devices and Services
- UbiComp - International Joint Conference on Pervasive and Ubiquitous Computing
- 2014
- CHI - ACM Conference on Human Factors in Computing Systems
- IUI - International Conference on Intelligent User Interfaces
- IWC - Interacting with Computers (Oxford Journals)
- MobileHCI - International Conference on Human-Computer Interaction with Mobile Devices and Services
- NordiCHI - Nordic Conference on Human-Computer Interaction
- SOUPS - Symposium On Usable Privacy and Security
- USEC - NDSS Workshop on Usable Security
- 2013
-
- CHI - ACM Conference on Human Factors in Computing Systems
- MobileHCI - International Conference on Human-Computer Interaction with Mobile Devices and Services
- MUM - International Conference on Mobile and Ubiquitous Multimedia
- 2012
-
- DIS - Designing Interactive Systems
- IEEE Pervasive Computing (IEEE Journal)
- INSS - International Conference on Networked Sensing Systems
Guest Editor
- it - Information Technology. ISSN (Online) 2196-7032, ISSN (Print) 1611-2776, DOI: 10.1515/itit-2016-0010, July 2016
Publications
Find me on Google Scholar
2019 | |
Download |
Sarah Prange, Emanuel von Zezschwitz, Florian Alt
Vision: Exploring Challenges and Opportunities for Usable Authentication in the Smart Home In EuroUSEC '19: Proceedings of the 4th European Workshop on Usable Security (bib) |
Download |
Sarah Prange, Christian Tiefenau, Emanuel von Zezschwitz, Florian Alt
Towards Understanding User Interaction in Future Smart Homes In CHI '19 Workshop: New Directions for the IoT: Automate, Share, Build, and Care (bib) |
2018 | |
Download |
Mohamed Khamis, Ludwig Trotter, Ville Mäkelä, Emanuel von Zezschwitz, Jens Le, Andreas Bulling, Florian Alt
CueAuth: Comparing Touch, Mid-Air Gestures, and Gaze for Cue-based Authentication on Situated Displays In Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2, 4, Article 174 (December 2018), 22 pages. (bib) |
2017 | |
Download |
Mohamed Khamis, Mariam Hassib, Emanuel von Zezschwitz, Andreas Bulling, Florian Alt
GazeTouchPIN: Protecting Sensitive Data on Mobile Devices using Secure Multimodal Authentication In ICMI'17: Proceedings of the 19th ACM International Conference on Multimodal Interaction, Glasgow, Scotland, Noevember 13-17, 2017. ACM, New York, NY, USA. (bib) |
Download |
Malin Eiband, Mohamed Khamis, Emanuel von Zezschwitz, Heinrich Hussmann, Florian Alt
Understanding Shoulder Surfing in the Wild: Stories from Users and Observers In CHI '17: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. Denver, CO, USA, May 6 - 11, 2017. ACM, New York, NY, USA. (bib) |
Download |
Ceenu George, Mohamed Khamis, Emanuel von Zezschwitz, Marinus Burger, Henri Schmidt, Florian Alt, Heinrich Hussmann
Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality Proceedings of the Network and Distributed System Security Symposium (NDSS 2017) (bib) |
2016 | |
Emanuel von Zezschwitz, Malin Eiband, Daniel Buschek, Sascha Oberhuber, Alexander De Luca, Florian Alt, Heinrich Hussmann
On Quantifying the Effective Password Space of Grid-based Unlock Gestures In MUM '16: Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia, Rovaniemi, Finnland (bib) |
|
Download |
Tobias Seitz, Emanuel von Zezschwitz, Stefanie Meitner, Heinrich Hussmann
Influencing Self-Selected Passwords Through Suggestions and the Decoy Effect In Proceedings of the 1st European Workshop on Usable Security (EuroUSEC'16). Darmstadt. Internet Society (bib) |
Download |
Emanuel von Zezschwitz, Sigrid Ebbinghaus, Heinrich Hussmann, Alexander De Luca
You Can't Watch This! Privacy-Respectful Photo Browsing on Smartphones In CHI '16: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. San Jose, CA, USA, May 7 - 12, 2016. ACM, New York, NY, USA. (bib) |
Download |
Daniel Buschek, Fabian Hartmann, Emanuel von Zezschwitz, Alexander De Luca, Florian Alt
SnapApp: Reducing Authentication Overhead with a Time-Constrained Fast Unlock Option In CHI '16: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. San Jose, CA, USA, May 7 - 12, 2016. ACM, New York, NY, USA. (bib) |
Download |
Mohamed Khamis, Florian Alt, Mariam Hassib, Emanuel von Zezschwitz, Regina Hasholzner, Andreas Bulling
GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices In CHI '16 EA: Extended Abstracts of the 34th SIGCHI Conference on Human Factors in Computing Systems. San Jose, CA, USA, May 7 - 12, 2016. ACM, New York, NY, USA. (bib) |
Download |
Malin Eiband, Emanuel von Zezschwitz, Daniel Buschek, Heinrich Hussmann
My Scrawl Hides It All: Protecting Text Messages Against Shoulder Surfing With Handwritten Fonts In CHI '16 EA: Extended Abstracts of the 34th SIGCHI Conference on Human Factors in Computing Systems. San Jose, CA, USA, May 7 - 12, 2016. ACM, New York, NY, USA. (bib) |
2015 | |
Download |
Sigrid Ebbinghaus, Emanuel von Zezschwitz, Alexander De Luca, Heinrich Hussmann
Privacy-Respectful Photo Browsing for Smartphones: Filter Selection and Evaluation Media Informatics Technical Report, 2015 (bib) |
Download |
Emanuel von Zezschwitz, Daniel Buschek, Axel Hoesl, Henri Palleis, Hanna Schneider, Tobias Stockinger, Simon Stusak, Sarah Tausch, Andreas Butz, Heinrich Hussmann
Human Computer Interaction in the Internet of Things Era Media Informatics Advanced Seminar, Summer Term 2015 (bib) |
Daniel Buschek, Moritz Bader, Emanuel von Zezschwitz, Alexander De Luca
Automatic Privacy Classification of Personal Photos In INTERACT '15: Proceedings of the 15th IFIP TC.13 International Conference on Human-Computer Interaction. Bamberg, Germany, September 14-18, 2015. (bib) |
|
Download |
Alina Hang, Alexander De Luca, Emanuel von Zezschwitz, Manuel Demmler, Heinrich Hussmann
Locked Your Phone? Buy A New One? From Tales of Fallback Authentication on Smartphones to Actual Concepts In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI'15). Copenhagen, Denmark, August 24th - 27th, 2015. ACM, New York, NY, USA. (bib) |
Download |
Emanuel von Zezschwitz, Alexander De Luca, Philipp Janssen, Heinrich Hussmann
Easy to Draw, but Hard to Trace? On the Observability of Grid-based (Un)lock Patterns In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI'15). Seoul, Republic of Korea, April 18 - April 23, 2015. ACM, New York, NY, USA. (bib) |
Download |
Emanuel von Zezschwitz, Alexander De Luca, Bruno Brunkow, Heinrich Hussmann
SwiPIN - Fast and Secure PIN-Entry on Smartphones In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI'15). Seoul, Republic of Korea, April 18 - April 23, 2015. ACM, New York, NY, USA. (bib) |
Download |
Alexander De Luca, Alina Hang, Emanuel von Zezschwitz, Heinrich Hussmann
I Feel Like I'm Taking Selfies All Day! Towards Understanding Biometric Authentication on Smartphones In Proceedings of the 33rd SIGCHI Conference on Human Factors in Computing Systems (CHI '15). Seoul, Korea, April 18 - April 23, 2015. ACM, New York, NY, USA. |
2014 | |
Download |
Emanuel von Zezschwitz, Alexander De Luca, Heinrich Hussmann
Honey, I Shrunk the Keys: Influences of Mobile Devices on Password Composition and Authentication Performance In Proceedings of the 8th Nordic Conference on Human-Computer Interaction: Fun, Fast, Foundational (NordiCHI '14). ACM, New York, NY, USA. (bib) |
Download |
Alina Hang, Daniel Buschek, Alexander De Luca, Axel Hoesl, Sebastian Loehmann, Henri Palleis, Simon Stusak, Sarah Tausch, Emanuel von Zezschwitz, Andreas Butz, Heinrich Hussmann
Special Aspects of Usability Media Informatics Advanced Seminar, Summer Term 2014 (bib) |
Download |
Marian Harbach, Emanuel von Zezschwitz, Andreas Fichtner, Alexander De Luca, Matthew Smith
It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception In Proceedings of the Tenth Symposium on Usable Privacy and Security (SOUPS '14). July 9-11 2014. USENIX Association, Menlo Park, USA. (bib) |
Download |
Alexander De Luca, Marian Harbach, Emanuel von Zezschwitz, Max Maurer, Bernhard Slawik, Heinrich Hussmann, Matthew Smith
Now You See Me, Now You Don't - Protecting Smartphone Authentication from Shoulder Surfers In Proceedings of the 32nd SIGCHI Conference on Human Factors in Computing Systems (CHI '14). Toronto, Canada, April 26 - May 1, 2014. ACM, New York, NY, USA. (bib) |
Download |
Emanuel von Zezschwitz, Alina Hang, Doris Hausen, Renate Häuslschmid, Axel Hoesl, Felix Lauber, Sebastian Loehmann, Henri Palleis, Bernhard Slawik, Simon Stusak, Sarah Tausch, Andreas Butz, Heinrich Hussmann
Secondary Tasks Media Informatics Advanced Seminar, Winter Term 2013/2014 (bib) |
Alina Hang, Emanuel von Zezschwitz, Alexander De Luca, Heinrich Hussmann
FaceProfiles: Inconspicuous, Private and Secure Mobile Device Sharing Workshop on Inconspicuous Interaction at CHI 2014. Toronto, Canada, April 26- May 1 2014. |
|
2013 | |
Download |
Emanuel von Zezschwitz, Alexander De Luca, Heinrich Hussmann
Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition In Proceedings of the 14th IFIP TC13 Conference on Human-Computer Interaction (INTERACT 2013). Cape Town, South Africa, September 2-6 2013. (bib) |
Download |
Max Maurer, Alexander De Luca, Alina Hang, Doris Hausen, Fabian Hennecke, Sebastian Loehmann, Henri Palleis, Hendrik Richter, Simon Stusak, Aurélien Tabard, Sarah Tausch, Emanuel von Zezschwitz, Franziska Schwamb, Heinrich Hussmann, Andreas Butz
Long-Term Experiences with an Iterative Design of a QR-Code-Based Payment System for Beverages In Proceedings of the 14th IFIP TC13 Conference on Human-Computer Interaction (INTERACT 2013). Cape Town, South Africa, September 2-6 2013. |
Download |
Alina Hang, Alexander De Luca, Katharina Frison, Emanuel von Zezschwitz, Massimo Tedesco, Marcel Kockmann, Heinrich Hussmann
Travel Routes or Geography Facts? An Evaluation of Voice Authentication User Interfaces In Proceedings of the 14th IFIP TC13 Conference on Human-Computer Interaction (INTERACT 2013). Cape Town, South Africa, September 2-6 2013. (bib) |
Download |
Emanuel von Zezschwitz, Paul Dunphy, Alexander De Luca
Patterns in the Wild: A Field Study of the Usability of Pattern and PIN-based Authentication on Smartphones In MobileHCI '13: Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services. ACM, New York, NY, USA, 261-270. ISBN 978-1-4503-2273-7. (bib) |
Download |
Doris Hausen, Fabian Hennecke, Nora Broy, Alina Hang, Sebastian Loehmann, Max Maurer, Sonja Rümelin, Sarah Tausch, Emanuel von Zezschwitz, Andreas Butz, Heinrich Hussmann
Visualize! Media Informatics Advanced Seminar, Summer Term 2013 (bib) |
Download |
Alexander De Luca, Emanuel von Zezschwitz, Ngo Dieu Huong Nguyen, Max Maurer, Elisa Rubegni, Marcello Paolo Scipioni, Marc Langheinrich
Back-of-Device Authentication on Smartphones In CHI '13: Proceedings of the 31st SIGCHI Conference on Human Factors in Computing Systems. Paris, France, April 27 - May 2, 2013. ACM, New York, NY, USA, 2389-2398. ISBN 978-1-4503-1899-0. (Best Paper Honorable Mention Award) (bib) |
Download |
Alexander De Luca, Emanuel von Zezschwitz, Laurent Pichler, Heinrich Hussmann
Using Fake Cursors to Secure On-Screen Password Entry In CHI '13: Proceedings of the 31st SIGCHI Conference on Human Factors in Computing Systems. Paris, France, April 27 - May 2, 2013. ACM, New York, NY, USA, 2399-2402. ISBN 978-1-4503-1899-0. (Best Paper Honorable Mention Award) (bib) |
Download |
Henri Palleis, Alina Hang, Doris Hausen, Fabian Hennecke, Felix Lauber, Sonja Rümelin, Simon Stusak, Sarah Tausch, Emanuel von Zezschwitz, Andreas Butz, Heinrich Hussmann
Beyond the Desktop Media Informatics Advanced Seminar, Winter Term 2012/2013 (bib) |
Download |
Emanuel von Zezschwitz, Anton Koslow, Alexander De Luca, Heinrich Hussmann
Making Graphic-Based Authentication Secure against Smudge Attacks In IUI '13: Proceedings of the 2013 international conference on Intelligent user interfaces. ACM, New York, NY, USA, 277-286. DOI=10.1145/2449396.2449432, ISBN: 978-1-4503-1965-2. (bib) |
2012 | |
Download |
Alina Hang, Emanuel von Zezschwitz, Alexander De Luca, Heinrich Hussmann
Too much Information! User Attitudes towards Smartphone Sharing In NordiCHI '12: Proceedings of the 7th Nordic Conference on Human-Computer Interaction: Making Sense Through Design. ACM, New York, NY, USA, 284-287. DOI=10.1145/2399016.2399061, ISBN: 978-1-4503-1482-4. (bib) |
Download |
Alina Hang, Fabian Hennecke, Sebastian Loehmann, Max Maurer, Henri Palleis, Sonja Rümelin, Emanuel von Zezschwitz, Andreas Butz, Heinrich Hussmann
User Behavior Media Informatics Advanced Seminar, Summer Term 2012 (bib) |
Download |
Emanuel von Zezschwitz, Alina Hang
Towards Privacy-Aware Mobile Device Sharing 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (in Conjunction with Pervasive 2012), Newcastle, United Kingdom, June 2012 (bib) |
2010 | |
Download |
Emanuel von Zezschwitz
An Evaluation of the Influence of External Factors on Authentication Performance and Memorability Diploma Thesis, Ludwig-Maximilians-Universität München, 2010 (bib) |
2009 | |
Download |
Alexander De Luca, Emanuel von Zezschwitz, Heinrich Hussmann
VibraPass - Secure Authentication Based on Shared Lies In CHI '09: Proceedings of the 27th international Conference on Human Factors in Computing Systems. Boston, MA, USA, April 4 - 9, 2009. ACM, New York, NY, 913-916. DOI= http://doi.acm.org/10.1145/1518701.1518840, ISBN 978-1-60558-246-7. (bib) |
Teaching
- Winter 2016
- Summer 2016
- Multimedia-Programmierung
- Fortgeschrittene Themen zu HCI (Guest Lecture)
- Winter 2015
- Summer 2015
- Hauptseminar
- Fortgeschrittene Themen zu HCI (Guest Lecture)
- Winter 2014
- Summer 2014
- Winter 2013
- Summer 2013
- Winter 2012
- Summer 2012
- Winter 2011
Erasmus
Ab sofort sind meine Kollegen Mohamed Khamis und Prof. Florian Alt für die Erasmus Koordination zuständig.Bachelor, Project and Diploma Theses
Open Topics
Es werden momentan keine neuen Arbeiten ausgeschrieben.Topics in Progress
master thesis | Feasible Interaction Concepts for App-based Authentication Mechanisms on Mobile Devices |